spf-discuss
[Top] [All Lists]

Re: SPF & proxy filters

2004-09-12 22:44:10
Kevin Peuhkurinen wrote:
Hi all. Forgive me if this has been discussed before. I'm sure it must have been, but I cannot find anything useful in the archives.

My problem is that for security reasons, all incoming email is first recieved by my Checkpoint firewall's SMTP Security Server. It is then handed off to my Exim/SpamAssassin box. I want to have Exim run SPF checks on the incoming mail and add the SPF headers. I am not at this point interested in enforcing any sort of policy, I just want the headers. The problem, of course, is that while Checkpoint preserves the envelope headers, the Exim box sees the sending IP and HELO as the firewall. I'm thinking that A) I'm SOL in terms of the specifications and B) if I want this to work I'm going to have to kludge something together that extracts the IP address of the sending host from the recieved headers and calls spfd itself or (>shudder<) write an OPSEC compliant module for the firewall itself.

Has anyone else already dealt with issues like this?

We were faced with the same problems some years ago. Checkpoint SMTP is a nice security feature but is a major PITA if you need to do something a bit outside of what it's exactly designed to do. We have an incoming SMTP server that receives (and possibly rejects) SMTP traffic. Mail is afterwards re-routed to an other SMTP server via the firewall. Email me directly if you need more info.
--
Rene Barbier
IRIS                            http://www.irislink.com/

|  Fight Spam! Join EuroCAUCE: http://www.euro.cauce.org/  |


<Prev in Thread] Current Thread [Next in Thread>